Today, sensors in user computing devices (or user devices) are used to capture data for making decisions and/or taking actions with respect to the data. These sensors can include human-interface devices such as, for example, keyboards, microphones, and video cameras that are connected to a PCI-bus-based controller on the user device, either directly through a physical connection or indirectly through wireless interfaces. Each sensor can be connected to a PCI peripheral device controller, for example a PCI Express (PCIe) based controller or a legacy PCI based controller, which must be configured through a process called PCI enumeration before it can be used by the user device.
When a computing device first powers up, a number of internal or external sensors are initialized or configured prior to loading the computer's operating system (OS). Sensors can be connected to the PCI peripheral device controller through USB, Camera Serial Interfaces, or other interfaces. Each sensor is configured through a process called sensor enumeration, in which it receives commands from the peripheral device controller to which it is connected. Prior to sensor enumeration, peripheral device controller initialization is performed via PCI bus enumeration by the Basic Input Output System (BIOS) during boot-up. The BIOS follows PCI enumeration to read the capabilities exposed by the peripheral device controller at a specific Bus, Device, and Function location (commonly referred to as the BDF location). Each peripheral device controller has a set of registers referred to as its configuration space, which is addressable through the BDF location. The BDF is a numerical triplet that identifies a peripheral device controller and its location on the bus. The PCI configuration space allows the B (bus) value of the BDF to be programmed by the BIOS or the operating system. Since the BDF serves as the basis of the security framework built on the VTd engine, it is necessary to lock down the BDF value of a PCI controller such that it remains unchanged during runtime. It is also necessary to ensure that no other PCI controller is allowed to masquerade with the BDF value of the controllers of interest.
Upon retrieving the configuration space from the peripheral device controller, the BIOS or operating system configures the peripheral device controller to be accessible from a set of memory-mapped address ranges. This region is generally referred to as the MMIO region. Through enumeration, the address registers in the peripheral device controller's configuration space are mapped into the computer system's memory-mapped address space for PCI-based peripheral device controllers. These MMIO addresses stay valid as long as the computer system is powered on, or until the operating system chooses to rebalance the MMIO address range. The BIOS may initialize the MMIO address space corresponding to the PCI configuration space at a specific BDF location. The operating system (OS) may obtain this information by repeating the PCI enumeration and simply reading the PCI configuration space. Reads and writes to the peripheral device controller can be initiated from the processor through the memory-mapped address region (MMIO). Thus, for a given BDF, the peripheral device controller is mapped to a particular address range in physical memory.
The memory-mapped region for the peripheral device controller may be altered by the operating system in order to rebalance the MMIO space. To support this requirement, the PCI configuration space of the peripheral device controller is available to Ring-0 based OS software.
However, the memory-mapped region for the peripheral device controller may also be vulnerable to malware. For example, these peripheral device controllers may be subject to Ring-0 malware attacks that access those MMIO address ranges, reconfigure the address locations, and compromise the security of the data received from the sensor connected to the peripheral device controller.
Specifically, some peripheral device controllers return data to the computing system software using DMA techniques, wherein data read from the sensor is DMAed directly to memory. In order to route the DMA data to a specific memory region, VTd hardware (HW) is available inside the processing system. The VTd HW is programmed with a VTd page table per bus-device-function (BDF) location.
A privileged peripheral device controller, such as one connected to a biometric authentication sensor, may be allowed to perform DMA operations to a privileged memory region through the VTd HW programming. Such DMA operations may include reading input data using DMA from a privileged memory region and returning output data using DMA to a privileged memory location.
However, if the BDF value or the MMIO space of the peripheral device controller can be compromised such that it performs DMA read operations from an area of memory that can be accessed by malware, then the captured data (such as an image) can be obtained by the malware. This is known as a data capture attack.
Similarly, if the BDF value or the MMIO space of the peripheral device controller can be compromised such that it performs DMA write operations to a privileged memory region after receiving data from a compromised memory region, it is possible to create a data injection attack.
The PCI controller specification also allows peer-to-peer DMA transactions. In one such example, DMA write data from the PCI controller supporting a secure sensor may be DMAed to a peer PCI controller that supports a storage device. Such a transfer would violate the privacy requirement associated with the sensor data. This capability may be enabled or disabled using Access Control Services (ACS) in the PCI configuration space.
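To make the configuration-space concepts above concrete (the BDF triplet, the MMIO base address registers that enumeration maps, and the ACS control bits that govern peer-to-peer DMA), here is an added example that is not part of the patent text. It decodes a constructed configuration-space image for a hypothetical device; the layout constants follow the PCI/PCIe specifications, and the sample device, its BAR address, and the capability offsets are assumptions.

```c
/* Added example, not the patent's code: decode a constructed PCI config-space
 * image (hypothetical device) for BDF, MMIO BAR base and ACS control state. */
#include <stdint.h>
#include <string.h>
#define CFG_SIZE 4096                 /* PCIe extended configuration space */
#define ACS_EXT_CAP_ID 0x000D         /* Access Control Services ext. cap ID */
#define ACS_CTRL_P2P_REQ_REDIR 0x04   /* ACS Control bit 2: P2P Request Redirect */
static uint8_t g_cfg[CFG_SIZE];       /* constructed sample image lives here */
static uint32_t rd32(const uint8_t *cfg, unsigned off) {
    uint32_t v; memcpy(&v, cfg + off, 4); return v;   /* little-endian host assumed */
}
/* Pack Bus, Device, Function into the 16-bit BDF form used to index VTd tables. */
unsigned bdf_encode(unsigned bus, unsigned dev, unsigned fn) {
    return ((bus & 0xFF) << 8) | ((dev & 0x1F) << 3) | (fn & 0x7);
}
/* Base address of the memory BAR at 'off' (0 if it is an I/O BAR, i.e. not MMIO). */
uint64_t bar_base(const uint8_t *cfg, unsigned off) {
    uint32_t lo = rd32(cfg, off);
    if (lo & 1) return 0;                             /* I/O space, not MMIO */
    uint64_t base = lo & ~0xFULL;                     /* drop type/prefetch bits */
    if (((lo >> 1) & 3) == 2)                         /* 64-bit BAR: upper dword follows */
        base |= (uint64_t)rd32(cfg, off + 4) << 32;
    return base;
}
/* Walk the extended capability list (starts at 0x100) looking for capability 'id'. */
unsigned find_ext_cap(const uint8_t *cfg, unsigned id) {
    unsigned off = 0x100;
    for (int i = 0; i < 64 && off >= 0x100 && off + 4 <= CFG_SIZE; i++) {
        uint32_t hdr = rd32(cfg, off);                /* [15:0] id, [31:20] next ptr */
        if ((hdr & 0xFFFF) == id) return off;
        off = (hdr >> 20) & 0xFFC;                    /* next offset is DWORD aligned */
    }
    return 0;                                         /* list ended without a match */
}
/* ACS Control is the 16-bit register at +6; returns 1/0, or -1 if ACS is absent. */
int acs_p2p_redirect_enabled(const uint8_t *cfg) {
    unsigned off = find_ext_cap(cfg, ACS_EXT_CAP_ID);
    if (!off) return -1;
    return (cfg[off + 6] & ACS_CTRL_P2P_REQ_REDIR) ? 1 : 0;
}
/* Constructed sample: 64-bit MMIO BAR0 at 0x1_FE000000, optional ACS capability. */
uint8_t *build_sample(int with_acs, int redirect_on) {
    memset(g_cfg, 0, CFG_SIZE);
    uint32_t bar_lo = 0xFE000000u | 0x4, bar_hi = 0x1;    /* type bits 2:1 = 10b */
    memcpy(g_cfg + 0x10, &bar_lo, 4);
    memcpy(g_cfg + 0x14, &bar_hi, 4);
    if (!with_acs) return g_cfg;
    uint32_t hdr = ACS_EXT_CAP_ID | (1u << 16);           /* version 1, next = 0 */
    memcpy(g_cfg + 0x100, &hdr, 4);
    g_cfg[0x106] = redirect_on ? ACS_CTRL_P2P_REQ_REDIR : 0;
    return g_cfg;
}
```

A firmware or hypervisor check of the kind the text motivates would read the live configuration space the same way and compare the decoded BAR base and ACS state against the values recorded at enumeration.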
However, there are currently no techniques for protecting BDF values, memory address ranges, and Access Control Services from access by resident Ring-0 and Ring-3 malware while still allowing legitimate Ring-0 software to perform legitimate accesses to the same address range. A technique for protecting data received from a sensor against Ring-0 and Ring-3 resident malware would therefore be desirable.